Latest revision as of 11:20, 30 November 2009

Overview

The WebGoatV5 application is designed to illustrate typical security flaws within web applications. It is intended to teach a structured approach to testing for, and exploiting, such vulnerabilities within the context of an Application Security Assessment.

A full Application Security Assessment testing methodology is being documented by http://www.owasp.org/index.php/OWASP_Testing_Project and this will provide a superset of the issues demonstrated within the WebGoat. It may include a formal design and code review, for example. The WebGoat lessons aim to give practical training and examples relating to the Implementation Review phase of the OWASP Web Application Security Testing Methodology.

The WebGoatV5 application provides a testing platform for a typical application security assessment. The assessor is given the same information and rights as a typical customer or client of an on-line application.

The application is web based

The attack simulations are remote

All of the described techniques may be performed from any connected location.

The testing is black-box

Source code is not supplied, but it can be viewed and downloaded.

Credentials and operational information are provided

Of course, the teaching aspect of WebGoat means that certain information will be revealed that would not typically be available. This makes it possible to guide the tester through an assessment process.